<?php
  header("Cache-Control: no-cache, must-revalidate");
  header("Expires: Sun, 15 Mar 2009 05:00:00 GMT");
  include 'db-fajita.php';
  include 'functions.php';

  $sourceID = mysql_real_escape_string($postID);
  $factoidValue = mysql_real_escape_string(str_replace("%3F", "?",str_replace("%23", "#", $postFactoidValue)));
  $action = $postAction;

  if (isset($_SERVER["PHP_AUTH_USER"])) {
    $httpUsername = $_SERVER["PHP_AUTH_USER"]; // webform - $HTTP_USER
  }

  if ($action == "batcherase" && $sourceID != "") {
    $sqlquery = sprintf("UPDATE `%s` SET `original_value` = `factoid_value` WHERE `id` IN (%s) AND `factoid_value` <> '<reply>'",
                          $globalTableName, $sourceID);
    if (!mysql_query($sqlquery)) {
      // The update failed. Tell the client it's still active (1: failed, 0: succeeded)
      print "1:" . $sourceID;
    } else {
      print "0:" . $sourceID;
    }

    $sqlquery = sprintf("UPDATE `%s` SET `factoid_value` = '<reply>' WHERE `id` IN (%s) AND `factoid_value` <> '<reply>'",
                          $globalTableName, $sourceID);
    mysql_query($sqlquery);
  } else if ($action == "batchlock" && $sourceID != "") {
    $sqlquery = sprintf("UPDATE `%s` SET `locked_by` = 'webuser - %s', locked_time = UNIX_TIMESTAMP(now()) WHERE `id` IN (%s) " .
                        "AND (`locked_time` = 0 OR `locked_time` IS NULL)",
                        $globalTableName, $httpUsername, $sourceID);

    if (!mysql_query($sqlquery)) {
      // The update failed. Tell the client it's still active (1: failed, 0: succeeded)
      print "1:" . $sourceID;
    } else {
      print "0:" . $sourceID;
    }
  } else  if ($action == "batchunlock" && $sourceID != "") {
    $sqlquery = sprintf("UPDATE `%s` SET locked_time = 0 WHERE `id` IN (%s) AND `locked_time` <> 0 AND `locked_time` IS NOT NULL",
                        $globalTableName, $sourceID);

    if (!mysql_query($sqlquery)) {
      // The update failed. Tell the client it's still active (1: failed, 0: succeeded)
      print "1:" . $sourceID;
    } else {
      print "0:" . $sourceID;
    }
  } else if ($action == "batchdelete" && $sourceID != "") {
    $sqlquery = sprintf("UPDATE `%s` SET `factoid_key` = CONCAT(`factoid_key`, ' #DEL#'), `modified_by` = 'webuser - %s', " .
                        "modified_time = UNIX_TIMESTAMP(now()) WHERE `id` IN (%s) AND RIGHT(`factoid_key`,6) <> ' #DEL#'",
                        $globalTableName, $httpUsername, $sourceID);

    if (!mysql_query($sqlquery)) {
      // The update failed. Tell the client it's still active (1: failed, 0: succeeded)
      print "1:" . $sourceID;
    } else {
      print "0:" . $sourceID;
    }

    $sqlquery = sprintf("UPDATE `%s` SET `locked_by` = 'webuser - %s', locked_time = UNIX_TIMESTAMP(now()) WHERE `id` IN (%s) " .
                        "AND (`locked_time` = 0 OR `locked_time` IS NULL)",
                        $globalTableName, $httpUsername, $sourceID);
    mysql_query($sqlquery);

    $sqlquery = sprintf("UPDATE `%s` SET `original_value` = `factoid_value` WHERE `id` IN (%s) AND `factoid_value` <> '<reply>'",
                        $globalTableName, $sourceID);
    mysql_query($sqlquery);

    $sqlquery = sprintf("UPDATE `%s` SET `factoid_value` = '<reply>' WHERE `id` IN (%s) AND `factoid_value` <> '<reply>'",
                        $globalTableName, $sourceID);
    mysql_query($sqlquery);
  } else if ($action == "batchactivate" && $sourceID != "") {
    $sqlquery = sprintf("UPDATE `%s` SET `factoid_key` = REPLACE(`factoid_key`, ' #DEL#', ''), `modified_by` = 'webuser - %s', " .
                        "modified_time = UNIX_TIMESTAMP(now()) WHERE `id` IN (%s) AND RIGHT(`factoid_key`,6) = ' #DEL#'",
                        $globalTableName, $httpUsername, $sourceID);

    if (!mysql_query($sqlquery)) {
      // The update failed. Tell the client it's still active (1: failed, 0: succeeded)
      print "1:" . $sourceID;
    } else {
      print "0:" . $sourceID;
    }
  } else if ($action == "update" && $factoidValue != "" && $sourceID != "" && $sourceID > 0) {
    // The factoid value has to be updated, and both the key and the value was provided

    // First, we must ensure that the id as specified is not locked.
    $sqlquery = sprintf("SELECT COUNT(`id`) AS 'count' FROM `%s` WHERE `id` = %d AND (`locked_time` = 0 OR `locked_time` IS NULL)",
                        $globalTableName, $sourceID);
    $queryresult = mysql_query($sqlquery);
    $row = mysql_fetch_array($queryresult);

    if (intval($row["count"]) == 0) {
      // It's locked. Return the previous unaltered value
      $sqlquery = sprintf("SELECT `factoid_value` FROM `%s` WHERE `id` = %d", $globalTableName, $sourceID);
      $queryresult = mysql_query($sqlquery);
      $row = mysql_fetch_array($queryresult);

      // Now make sure a value exists for this id
      if (mysql_num_rows($queryresult) > 0) {
        print "1:" . $row["factoid_value"];
      } else {
        print "1:This factoid no longer exists.";
      }
    } else {
      // It's not locked! We can safely update it.
      //$sqlquery = sprintf("UPDATE `%s` SET `original_value` = `factoid_value` WHERE `id` = %d AND `factoid_value` <> '<reply>'",
      //                    $globalTableName, $sourceID);
      //mysql_query($sqlquery);

      $sqlquery = sprintf("UPDATE `%s` SET `factoid_value` = '%s', `modified_by` = 'webuser - %s', modified_time = UNIX_TIMESTAMP(now()) WHERE `id` = %d",
                          $globalTableName, $factoidValue, $httpUsername, $sourceID);

      if (!mysql_query($sqlquery)) {
        // The update failed. We must retried the current value from the database
        $sqlquery = sprintf("SELECT `factoid_value` FROM `%s` WHERE `id` = %d", $globalTableName, $sourceID);
        $queryresult = mysql_query($sqlquery);
        $row = mysql_fetch_array($queryresult);

        // Now make sure a value exists for this id
        if (mysql_num_rows($queryresult) > 0) {
          print "1:" . $row["factoid_value"];
        } else {
          print "1:This factoid no longer exists.";
        }
      } else {
        // The update succeeded. Return the value specified by the user
        print "0:" . $postFactoidValue;
      }
    }
  } else if ($action == "recover" && $factoidValue != "" && $sourceID != "" && $sourceID > 0) {
    // The factoid value has to be updated, and both the key and the value was provided

    // First, we must ensure that the id as specified is not locked.
    $sqlquery = sprintf("SELECT COUNT(`id`) AS 'count' FROM `%s` WHERE `id` = %d AND (`locked_time` = 0 OR `locked_time` IS NULL)",
                        $globalTableName, $sourceID);
    $queryresult = mysql_query($sqlquery);
    $row = mysql_fetch_array($queryresult);

    if (intval($row["count"]) == 0) {
      // It's locked. Return the previous unaltered value
      $sqlquery = sprintf("SELECT `factoid_value` FROM `%s` WHERE `id` = %d", $globalTableName, $sourceID);
      $queryresult = mysql_query($sqlquery);
      $row = mysql_fetch_array($queryresult);

      // Now make sure a value exists for this id
      if (mysql_num_rows($queryresult) > 0) {
        print "2:" . $row["factoid_value"];
      } else {
        print "1:This factoid no longer exists.";
      }
    } else {
      // It's not locked! We can safely update it.
      $sqlquery = sprintf("UPDATE `%s` SET `factoid_value` = `original_value` WHERE `id` = %d AND `factoid_value` <> `original_value` " .
                          "AND `original_value` IS NOT NULL AND `original_value` <> ''",
                          $globalTableName, $sourceID);
      mysql_query($sqlquery);

      $sqlquery = sprintf("UPDATE `%s` SET `original_value` = '%s', `modified_by` = 'webuser - %s', modified_time = UNIX_TIMESTAMP(now()) " .
                          "WHERE `id` = %d AND `factoid_value` = `original_value`",
                          $globalTableName, $factoidValue, $httpUsername, $sourceID);

      if (!mysql_query($sqlquery)) {
        // The update failed. We must retried the current value from the database
        $sqlquery = sprintf("SELECT `factoid_value` FROM `%s` WHERE `id` = %d", $globalTableName, $sourceID);
        $queryresult = mysql_query($sqlquery);
        $row = mysql_fetch_array($queryresult);

        // Now make sure a value exists for this id
        if (mysql_num_rows($queryresult) > 0) {
          print "2:" . $row["factoid_value"];
        } else {
          print "1:This factoid no longer exists.";
        }
      } else {
        // The update succeeded. Return the updated value from the database
        $sqlquery = sprintf("SELECT `factoid_value` FROM `%s` WHERE `id` = %d", $globalTableName, $sourceID);
        $queryresult = mysql_query($sqlquery);
        $row = mysql_fetch_array($queryresult);

        // Now make sure a value exists for this id
        if (mysql_num_rows($queryresult) > 0) {
          print "0:" . $row["factoid_value"];
        } else {
          print "1:This factoid no longer exists.";
        }
      }
    }
  } else if ($action == "delete" && $sourceID != "") {
    $sqlquery = sprintf("UPDATE `%s` SET `factoid_key` = CONCAT(`factoid_key`, ' #DEL#'), `modified_by` = 'webuser - %s', " .
                        "modified_time = UNIX_TIMESTAMP(now()) WHERE `id` = %d AND RIGHT(`factoid_key`,6) <> ' #DEL#'",
                        $globalTableName, $httpUsername, $sourceID);

    if (!mysql_query($sqlquery)) {
      // The update failed. Tell the client it's still active (1: failed, 0: succeeded)
      print "1";
    } else {
      print "0";
    }

    $sqlquery = sprintf("UPDATE `%s` SET `locked_by` = 'webuser - %s', locked_time = UNIX_TIMESTAMP(now()) WHERE `id` = %d " .
                        "AND (`locked_time` = 0 OR `locked_time` IS NULL)",
                        $globalTableName, $httpUsername, $sourceID);
    mysql_query($sqlquery);

    $sqlquery = sprintf("UPDATE `%s` SET `original_value` = `factoid_value` WHERE `id` = %d AND `factoid_value` <> '<reply>'",
                        $globalTableName, $sourceID);
    mysql_query($sqlquery);

    $sqlquery = sprintf("UPDATE `%s` SET `factoid_value` = '<reply>' WHERE `id` = %d AND `factoid_value` <> '<reply>'",
                          $globalTableName, $sourceID);
    mysql_query($sqlquery);
  } else if ($action == "activate" && $sourceID != "") {
    $sqlquery = sprintf("UPDATE `%s` SET `factoid_key` = REPLACE(`factoid_key`, ' #DEL#', ''), `modified_by` = 'webuser - %s', " .
                        "modified_time = UNIX_TIMESTAMP(now()) WHERE `id` = %d AND RIGHT(`factoid_key`,6) = ' #DEL#'",
                        $globalTableName, $httpUsername, $sourceID);

    if (!mysql_query($sqlquery)) {
      // The update failed. Tell the client it's still deleted (1: failed, 0: succeeded)
      print "1";
    } else {
      print "0";
    }
  } else if ($action == "lock" && $sourceID != "") {
    // First, we must ensure that the id as specified is not locked.
    $sqlquery = sprintf("SELECT COUNT(`id`) AS 'count' FROM `%s` WHERE `id` = %d AND (`locked_time` = 0 OR `locked_time` IS NULL)",
                        $globalTableName, $sourceID);
    $queryresult = mysql_query($sqlquery);
    $row = mysql_fetch_array($queryresult);

    if (intval($row["count"]) == 0) {
      // It's locked. Return the failure code
      print "1";
    } else {
      // It's not locked! We can safely update it.
      $sqlquery = sprintf("UPDATE `%s` SET `locked_by` = 'webuser - %s', locked_time = UNIX_TIMESTAMP(now()) WHERE `id` = %d",
                          $globalTableName, $httpUsername, $sourceID);

      if (!mysql_query($sqlquery)) {
        // The update failed. Tell the client it's still deleted (1: failed, 0: succeeded)
        print "1";
      } else {
        print "2";
      }
    }
  } else if ($action == "unlock" && $sourceID != "") {
    // First, we must ensure that the id as specified is locked.
    $sqlquery = sprintf("SELECT COUNT(`id`) AS 'count' FROM `%s` WHERE `id` = %d AND `locked_time` <> 0 AND `locked_time` IS NOT NULL",
                        $globalTableName, $sourceID);
    $queryresult = mysql_query($sqlquery);
    $row = mysql_fetch_array($queryresult);

    if (intval($row["count"]) == 0) {
      // It's not locked. Return the failure code
      print "1";
    } else {
      // It's not locked! We can safely update it.
      $sqlquery = sprintf("UPDATE `%s` SET locked_time = 0 WHERE `id` = %d",
                          $globalTableName, $sourceID);

      if (!mysql_query($sqlquery)) {
        // The update failed. Tell the client it's still deleted (1: failed, 0: succeeded)
        print "1";
      } else {
        print "3";
      }
    }
  } else {
    print "";
  }
?>
